The Future of Freedom: Building a new TOR

The Onion Router (TOR) is a great tool that people use to browse the web anonymously. It also acts as a gateway to the dark web – a famous part of the internet hidden from view. However, the tool has come under attack and researchers want to build a new version.

What Is Tor?

Tor is a type of technology that lets people browse the web anonymously. It is both a browser and network run by volunteers. By using Tor, people can bypass censorship and prevent advertisers from tracking them. The Tor network is a group of servers that route web traffic in a special way called onion routing. For more information, check out this great beginner’s guide to Tor.

When you use Tor, your web traffic tunnels through a network of servers all over the world, instead of directly connecting to the website. Tor protects you against something called traffic analysis. Web sites use traffic analysis to find out the source and destination of your web traffic. Advertisers use this to track your behavior and interests, and which sites you visit.


Tor reduces the risk of traffic analysis by distributing your web transactions over multiple places on the internet. Data packets on Tor follow a random path through several Tor servers called relays. No observer at any single point can tell where the data came from or where it is going. Tor is not perfect, and since it’s a powerful tool for anonymity, it’s a target.
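The layering described above can be traced in a few lines. This is an added example, not code from Tor or from the original article: the relay names, the destination and the pre-shared per-relay keys are assumptions, and the SHA-256 counter-mode cipher is a teaching stand-in with no integrity protection.

```python
import hashlib
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: a teaching stand-in, not the cipher Tor uses.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def build_onion(path, keys, destination, payload: bytes) -> bytes:
    # The client wraps innermost-first; each layer names only the next hop.
    next_hops = path[1:] + [destination]
    blob = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        blob = seal(keys[relay], bytes([len(nxt)]) + nxt.encode() + blob)
    return blob

def route(sender, path, keys, blob: bytes):
    # Each relay removes one layer; record the only two addresses it learns.
    views, prev = {}, sender
    for relay in path:
        layer = unseal(keys[relay], blob)
        n = layer[0]
        nxt, blob = layer[1:1 + n].decode(), layer[1 + n:]
        views[relay] = {"from": prev, "to": nxt}
        prev = relay
    return views, blob

def demo():
    path = ["guard", "middle", "exit"]          # constructed relay names
    keys = {r: os.urandom(32) for r in path}    # assumed already shared with the client
    onion = build_onion(path, keys, "example.org", b"GET / HTTP/1.1")
    return route("client", path, keys, onion)

if __name__ == "__main__":
    views, delivered = demo()
    for relay, seen in views.items():
        print(relay, seen)
    print(delivered)
```

Only the first relay sees the client's address and only the last sees the destination, which is why no single relay can link the two.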

FBI Tor Hack

Edward Snowden leaked documents that reveal agencies like the NSA and GCHQ have been studying Tor for at least ten years, trying to break it. A top secret presentation called Tor Stinks says:

“We will never be able to de-anonymize all Tor users all the time…with manual analysis we can de-anonymize a very small fraction of Tor users…”

In 2015, the FBI targeted over a thousand visitors to a child pornography website called Playpen, calling it “the largest remaining known child pornography hidden service in the world.” The problem? The agency used a secret exploit to hack Tor and ran Playpen using its own servers. How does the government break into one of the biggest anonymous tools in the world? Apparently, they used the help of a former Tor Project developer named Matt Edman.

In a statement to The Daily Dot, the Tor Project confirmed this, saying:

“It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware.”


By 2012, Edman was working at Mitre Corporation. Mitre is responsible for the industry-standard list of Common Vulnerabilities and Exposures (CVE). In a contradiction, they share security data to beat hackers while also developing malware to help hackers. His role was as a senior cybersecurity engineer on the FBI’s Remote Operations Unit. This team commonly builds or buys hacks and malware to spy on potential criminals.

The U.S. Navy first developed Tor, and the project got most of its funding from the government. So ironically, as ACLU technologist Chris Soghoian points out, “This is the U.S. government that’s hacking itself…one arm of the U.S. government is funding this thing, the other is tasked with hacking it.”

Network Investigative Technique

The FBI calls the exploit a network investigative technique, and they are fighting to keep it secret. The agency claims that revealing this tool would be a breach of national security. If the FBI is successful in classifying this tool, it makes it near impossible for third parties to verify that their evidence in the Playpen case was obtained through legal means.

Earlier this year, a U.S. federal judge excluded all evidence in the FBI case. So far there is no word on what happens next. The case against one of the people caught accessing Playpen hasn’t been dismissed yet, but if the FBI can’t make an appeal, the case might be doomed.

The Future of Tor

Now that Tor has been effectively hacked, research teams are trying to come up with new alternatives. Criminals aren’t the only people that use Tor. Political activists, whistleblowers, and journalists use it as well. De-anonymization of these Tor users could mean arrest, torture or death.

Upgrading or replacing Tor is a difficult task. But improvement can provide greater anonymity and privacy, as well as faster web browsing. Most of these alternatives are still in the academic research phase and not yet ready for large-scale deployment.

Herd: Signal without the metadata

The Herd/Aqua projects are the nearest to real-world use. Aqua stands for Anonymous Quanta, and is an anonymous file-sharing network. Herd is based on Aqua and is an anonymous voice over IP (VoIP) service. The researchers received half a million dollars in funding from the US National Science Foundation. The team hopes to have the first Herd nodes online and ready for users in 2017.

Vuvuzela/Alpenhorn: Metadata-free chat

Vuvuzela and its second iteration Alpenhorn want to offer anonymous, metadata-free chat. Two anonymous chat tools already available are Ricochet and Pond. Project leader David Lazar says “Pond and Ricochet rely on Tor, which is vulnerable to traffic-analysis attacks. Vuvuzela is a new design that protects against traffic analysis and has formalized privacy guarantees.”

The team will present their research at the 2016 Usenix Symposium on Operating Systems Design and Implementation (OSDI) in November.

Dissent: The strongest-available anonymity

In a collaboration between Yale University and UT Austin, the teams based Dissent on a dining cryptographers algorithm, or DC-net. So far it offers the most anonymous design currently in research. The ultimate use-case for this high latency and low bandwidth tool is one-to-many broadcasting. This includes blogging, microblogging, and even IRC.

Riffle: Anonymous filesharing

Straight out of MIT, Riffle wants to provide anonymous filesharing. Lead researcher Albert Kwon says “[Riffle is] not a replacement for Tor but complementary to Tor. We have a very different goal. Our goal is to provide the strongest level of practical anonymity we could think of.”

Inspired by Dissent, Riffle’s main use-case is to help journalists anonymously share large files and make it easier for whistleblowers to submit large document sets to publishers.

Riposte: An anonymous Twitter

Another project inspired by Dissent, Riposte has one main use: microblogging. Riposte uses DC-net like Dissent, but it can scale to millions of users. Right now it only exists as an academic prototype. Henry Corrigan-Gibbs, lead researcher, says, “My hope is to get some of the ideas from Riposte integrated into existing communication platforms for privacy-sensitive users.”
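The DC-net idea named in the Dissent and Riposte sections can be shown as a single broadcast round. This is an added example of the textbook dining cryptographers construction, not code from either project: the member names are constructed, pairwise pads are assumed to be exchanged securely beforehand, and exactly one member sends per round.

```python
import os
from itertools import combinations

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def share_pads(members, length):
    # Every pair of members holds one random pad known only to the two of them.
    return {frozenset(p): os.urandom(length) for p in combinations(members, 2)}

def announce(member, members, pads, length, message=None):
    # Each member publishes the XOR of all its pads; the sender also
    # XORs in the message, which looks no different to an observer.
    out = bytes(length)
    for other in members:
        if other != member:
            out = xor(out, pads[frozenset((member, other))])
    return xor(out, message) if message is not None else out

def run_round(members, sender, message: bytes):
    length = len(message)
    pads = share_pads(members, length)
    announcements = {
        m: announce(m, members, pads, length, message if m == sender else None)
        for m in members
    }
    combined = bytes(length)
    for a in announcements.values():
        combined = xor(combined, a)  # every pad appears twice and cancels out
    return announcements, combined

if __name__ == "__main__":
    members = ["alice", "bob", "carol"]  # constructed names
    announcements, combined = run_round(members, "bob", b"hello world")
    for name, a in announcements.items():
        print(name, a.hex())
    print(combined)
```

Every member transmits a message-length announcement to deliver one message, and the result is visible to all members, which matches the low-bandwidth, one-to-many profile described for Dissent.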

Hornet: Speedy alternative to Tor

Hornet is a high-speed onion routing network which makes use of next-gen architecture to make tracking users more difficult. Chen Chen of Carnegie Mellon University (the same university that partnered with the FBI to create poisoned Tor nodes) developed Hornet with students from Zurich’s Federal Institute of Technology and University College London.

In a paper called HORNET: High-speed Onion Routing at the Network Layer, the team describes how Hornet’s router logic was implemented with an Intel software router along with a Hornet client developed for Python. Unlike other onion routers, Hornet doesn’t keep per-flow states or use computationally expensive operations for data forwarding. This lets the system scale without limit and process web traffic at high speeds.

Conclusion

If Hornet can be successfully deployed alongside the other tools, Tor may finally be replaced by more secure tools. Multiple tools and services also increase the attack surface and make it harder to be hacked.